mongodb 5.1.0 → 5.2.0

Files changed (120) hide show
  1. package/README.md +25 -22
  2. package/lib/change_stream.js +1 -1
  3. package/lib/cmap/auth/auth_provider.js +21 -10
  4. package/lib/cmap/auth/auth_provider.js.map +1 -1
  5. package/lib/cmap/auth/gssapi.js +71 -116
  6. package/lib/cmap/auth/gssapi.js.map +1 -1
  7. package/lib/cmap/auth/mongo_credentials.js +7 -9
  8. package/lib/cmap/auth/mongo_credentials.js.map +1 -1
  9. package/lib/cmap/auth/mongocr.js +20 -29
  10. package/lib/cmap/auth/mongocr.js.map +1 -1
  11. package/lib/cmap/auth/mongodb_aws.js +125 -140
  12. package/lib/cmap/auth/mongodb_aws.js.map +1 -1
  13. package/lib/cmap/auth/mongodb_oidc/aws_service_workflow.js +28 -0
  14. package/lib/cmap/auth/mongodb_oidc/aws_service_workflow.js.map +1 -0
  15. package/lib/cmap/auth/mongodb_oidc/callback_workflow.js +178 -0
  16. package/lib/cmap/auth/mongodb_oidc/callback_workflow.js.map +1 -0
  17. package/lib/cmap/auth/mongodb_oidc/service_workflow.js +41 -0
  18. package/lib/cmap/auth/mongodb_oidc/service_workflow.js.map +1 -0
  19. package/lib/cmap/auth/mongodb_oidc/token_entry_cache.js +115 -0
  20. package/lib/cmap/auth/mongodb_oidc/token_entry_cache.js.map +1 -0
  21. package/lib/cmap/auth/mongodb_oidc/workflow.js +3 -0
  22. package/lib/cmap/auth/mongodb_oidc/workflow.js.map +1 -0
  23. package/lib/cmap/auth/mongodb_oidc.js +59 -0
  24. package/lib/cmap/auth/mongodb_oidc.js.map +1 -1
  25. package/lib/cmap/auth/plain.js +4 -5
  26. package/lib/cmap/auth/plain.js.map +1 -1
  27. package/lib/cmap/auth/providers.js +1 -1
  28. package/lib/cmap/auth/providers.js.map +1 -1
  29. package/lib/cmap/auth/scram.js +45 -73
  30. package/lib/cmap/auth/scram.js.map +1 -1
  31. package/lib/cmap/auth/x509.js +8 -11
  32. package/lib/cmap/auth/x509.js.map +1 -1
  33. package/lib/cmap/command_monitoring_events.js +8 -5
  34. package/lib/cmap/command_monitoring_events.js.map +1 -1
  35. package/lib/cmap/commands.js +1 -1
  36. package/lib/cmap/commands.js.map +1 -1
  37. package/lib/cmap/connect.js +72 -86
  38. package/lib/cmap/connect.js.map +1 -1
  39. package/lib/cmap/connection.js +19 -23
  40. package/lib/cmap/connection.js.map +1 -1
  41. package/lib/cmap/connection_pool.js +49 -11
  42. package/lib/cmap/connection_pool.js.map +1 -1
  43. package/lib/cmap/message_stream.js.map +1 -1
  44. package/lib/cmap/wire_protocol/shared.js +1 -16
  45. package/lib/cmap/wire_protocol/shared.js.map +1 -1
  46. package/lib/collection.js +10 -10
  47. package/lib/connection_string.js +11 -17
  48. package/lib/connection_string.js.map +1 -1
  49. package/lib/cursor/abstract_cursor.js +1 -1
  50. package/lib/cursor/find_cursor.js +1 -1
  51. package/lib/db.js +2 -2
  52. package/lib/error.js +2 -1
  53. package/lib/error.js.map +1 -1
  54. package/lib/mongo_client.js +22 -2
  55. package/lib/mongo_client.js.map +1 -1
  56. package/lib/mongo_logger.js +17 -1
  57. package/lib/mongo_logger.js.map +1 -1
  58. package/lib/operations/execute_operation.js +8 -27
  59. package/lib/operations/execute_operation.js.map +1 -1
  60. package/lib/operations/find.js +1 -1
  61. package/lib/read_concern.js +1 -1
  62. package/lib/read_preference.js +2 -2
  63. package/lib/sdam/topology.js +0 -16
  64. package/lib/sdam/topology.js.map +1 -1
  65. package/lib/utils.js +15 -70
  66. package/lib/utils.js.map +1 -1
  67. package/lib/write_concern.js +1 -1
  68. package/mongodb.d.ts +103 -70
  69. package/package.json +29 -30
  70. package/src/bulk/common.ts +1 -1
  71. package/src/change_stream.ts +5 -5
  72. package/src/cmap/auth/auth_provider.ts +29 -16
  73. package/src/cmap/auth/gssapi.ts +102 -149
  74. package/src/cmap/auth/mongo_credentials.ts +14 -23
  75. package/src/cmap/auth/mongocr.ts +31 -36
  76. package/src/cmap/auth/mongodb_aws.ts +166 -189
  77. package/src/cmap/auth/mongodb_oidc/aws_service_workflow.ts +26 -0
  78. package/src/cmap/auth/mongodb_oidc/callback_workflow.ts +259 -0
  79. package/src/cmap/auth/mongodb_oidc/service_workflow.ts +47 -0
  80. package/src/cmap/auth/mongodb_oidc/token_entry_cache.ts +166 -0
  81. package/src/cmap/auth/mongodb_oidc/workflow.ts +21 -0
  82. package/src/cmap/auth/mongodb_oidc.ts +101 -17
  83. package/src/cmap/auth/plain.ts +6 -6
  84. package/src/cmap/auth/providers.ts +2 -2
  85. package/src/cmap/auth/scram.ts +56 -90
  86. package/src/cmap/auth/x509.ts +12 -18
  87. package/src/cmap/command_monitoring_events.ts +5 -2
  88. package/src/cmap/commands.ts +1 -1
  89. package/src/cmap/connect.ts +90 -114
  90. package/src/cmap/connection.ts +36 -24
  91. package/src/cmap/connection_pool.ts +75 -14
  92. package/src/cmap/message_stream.ts +0 -2
  93. package/src/cmap/wire_protocol/compression.ts +1 -1
  94. package/src/cmap/wire_protocol/shared.ts +1 -23
  95. package/src/collection.ts +10 -10
  96. package/src/connection_string.ts +12 -17
  97. package/src/cursor/abstract_cursor.ts +2 -2
  98. package/src/cursor/change_stream_cursor.ts +5 -5
  99. package/src/cursor/find_cursor.ts +1 -1
  100. package/src/db.ts +2 -2
  101. package/src/deps.ts +3 -2
  102. package/src/error.ts +3 -2
  103. package/src/index.ts +1 -0
  104. package/src/mongo_client.ts +35 -10
  105. package/src/mongo_logger.ts +20 -2
  106. package/src/mongo_types.ts +2 -2
  107. package/src/operations/aggregate.ts +1 -1
  108. package/src/operations/create_collection.ts +1 -1
  109. package/src/operations/execute_operation.ts +8 -25
  110. package/src/operations/find.ts +1 -1
  111. package/src/operations/find_and_modify.ts +4 -4
  112. package/src/operations/set_profiling_level.ts +1 -1
  113. package/src/operations/stats.ts +1 -1
  114. package/src/read_concern.ts +2 -2
  115. package/src/read_preference.ts +3 -3
  116. package/src/sdam/common.ts +2 -2
  117. package/src/sdam/topology.ts +0 -20
  118. package/src/transactions.ts +1 -1
  119. package/src/utils.ts +24 -98
  120. package/src/write_concern.ts +1 -1
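--- a/package/lib/cmap/auth/mongodb_aws.js
+++ b/package/lib/cmap/auth/mongodb_aws.js
@@ -4,6 +4,7 @@ exports.MongoDBAWS = void 0;
  const crypto = require("crypto");
  const http = require("http");
  const url = require("url");
+ const util_1 = require("util");
  const BSON = require("../../bson");
  const deps_1 = require("../../deps");
  const error_1 = require("../../error");
@@ -23,28 +24,26 @@ const bsonOptions = {
  bsonRegExp: false
  };
  class MongoDBAWS extends auth_provider_1.AuthProvider {
- auth(authContext, callback) {
- const { connection, credentials } = authContext;
- if (!credentials) {
- return callback(new error_1.MongoMissingCredentialsError('AuthContext must provide credentials.'));
+ constructor() {
+ super();
+ this.randomBytesAsync = (0, util_1.promisify)(crypto.randomBytes);
+ }
+ async auth(authContext) {
+ const { connection } = authContext;
+ if (!authContext.credentials) {
+ throw new error_1.MongoMissingCredentialsError('AuthContext must provide credentials.');
  }
  if ('kModuleError' in deps_1.aws4) {
- return callback(deps_1.aws4['kModuleError']);
+ throw deps_1.aws4['kModuleError'];
  }
  const { sign } = deps_1.aws4;
  if ((0, utils_1.maxWireVersion)(connection) < 9) {
- callback(new error_1.MongoCompatibilityError('MONGODB-AWS authentication requires MongoDB version 4.4 or later'));
- return;
+ throw new error_1.MongoCompatibilityError('MONGODB-AWS authentication requires MongoDB version 4.4 or later');
  }
- if (!credentials.username) {
- makeTempCredentials(credentials, (err, tempCredentials) => {
- if (err || !tempCredentials)
- return callback(err);
- authContext.credentials = tempCredentials;
- this.auth(authContext, callback);
- });
- return;
+ if (!authContext.credentials.username) {
+ authContext.credentials = await makeTempCredentials(authContext.credentials);
  }
+ const { credentials } = authContext;
  const accessKeyId = credentials.username;
  const secretAccessKey = credentials.password;
  const sessionToken = credentials.mechanismProperties.AWS_SESSION_TOKEN;
@@ -55,80 +54,67 @@ class MongoDBAWS extends auth_provider_1.AuthProvider {
  ? { accessKeyId, secretAccessKey }
  : undefined;
  const db = credentials.source;
- crypto.randomBytes(32, (err, nonce) => {
- if (err) {
- callback(err);
- return;
- }
- const saslStart = {
- saslStart: 1,
- mechanism: 'MONGODB-AWS',
- payload: BSON.serialize({ r: nonce, p: ASCII_N }, bsonOptions)
- };
- connection.command((0, utils_1.ns)(`${db}.$cmd`), saslStart, undefined, (err, res) => {
- if (err)
- return callback(err);
- const serverResponse = BSON.deserialize(res.payload.buffer, bsonOptions);
- const host = serverResponse.h;
- const serverNonce = serverResponse.s.buffer;
- if (serverNonce.length !== 64) {
- callback(
- // TODO(NODE-3483)
- new error_1.MongoRuntimeError(`Invalid server nonce length ${serverNonce.length}, expected 64`));
- return;
- }
- if (!utils_1.ByteUtils.equals(serverNonce.subarray(0, nonce.byteLength), nonce)) {
- // throw because the serverNonce's leading 32 bytes must equal the client nonce's 32 bytes
- // https://github.com/mongodb/specifications/blob/875446db44aade414011731840831f38a6c668df/source/auth/auth.rst#id11
- // TODO(NODE-3483)
- callback(new error_1.MongoRuntimeError('Server nonce does not begin with client nonce'));
- return;
- }
- if (host.length < 1 || host.length > 255 || host.indexOf('..') !== -1) {
- // TODO(NODE-3483)
- callback(new error_1.MongoRuntimeError(`Server returned an invalid host: "${host}"`));
- return;
- }
- const body = 'Action=GetCallerIdentity&Version=2011-06-15';
- const options = sign({
- method: 'POST',
- host,
- region: deriveRegion(serverResponse.h),
- service: 'sts',
- headers: {
- 'Content-Type': 'application/x-www-form-urlencoded',
- 'Content-Length': body.length,
- 'X-MongoDB-Server-Nonce': utils_1.ByteUtils.toBase64(serverNonce),
- 'X-MongoDB-GS2-CB-Flag': 'n'
- },
- path: '/',
- body
- }, awsCredentials);
- const payload = {
- a: options.headers.Authorization,
- d: options.headers['X-Amz-Date']
- };
- if (sessionToken) {
- payload.t = sessionToken;
- }
- const saslContinue = {
- saslContinue: 1,
- conversationId: 1,
- payload: BSON.serialize(payload, bsonOptions)
- };
- connection.command((0, utils_1.ns)(`${db}.$cmd`), saslContinue, undefined, callback);
- });
- });
+ const nonce = await this.randomBytesAsync(32);
+ const saslStart = {
+ saslStart: 1,
+ mechanism: 'MONGODB-AWS',
+ payload: BSON.serialize({ r: nonce, p: ASCII_N }, bsonOptions)
+ };
+ const saslStartResponse = await connection.commandAsync((0, utils_1.ns)(`${db}.$cmd`), saslStart, undefined);
+ const serverResponse = BSON.deserialize(saslStartResponse.payload.buffer, bsonOptions);
+ const host = serverResponse.h;
+ const serverNonce = serverResponse.s.buffer;
+ if (serverNonce.length !== 64) {
+ // TODO(NODE-3483)
+ throw new error_1.MongoRuntimeError(`Invalid server nonce length ${serverNonce.length}, expected 64`);
+ }
+ if (!utils_1.ByteUtils.equals(serverNonce.subarray(0, nonce.byteLength), nonce)) {
+ // throw because the serverNonce's leading 32 bytes must equal the client nonce's 32 bytes
+ // https://github.com/mongodb/specifications/blob/875446db44aade414011731840831f38a6c668df/source/auth/auth.rst#id11
+ // TODO(NODE-3483)
+ throw new error_1.MongoRuntimeError('Server nonce does not begin with client nonce');
+ }
+ if (host.length < 1 || host.length > 255 || host.indexOf('..') !== -1) {
+ // TODO(NODE-3483)
+ throw new error_1.MongoRuntimeError(`Server returned an invalid host: "${host}"`);
+ }
+ const body = 'Action=GetCallerIdentity&Version=2011-06-15';
+ const options = sign({
+ method: 'POST',
+ host,
+ region: deriveRegion(serverResponse.h),
+ service: 'sts',
+ headers: {
+ 'Content-Type': 'application/x-www-form-urlencoded',
+ 'Content-Length': body.length,
+ 'X-MongoDB-Server-Nonce': utils_1.ByteUtils.toBase64(serverNonce),
+ 'X-MongoDB-GS2-CB-Flag': 'n'
+ },
+ path: '/',
+ body
+ }, awsCredentials);
+ const payload = {
+ a: options.headers.Authorization,
+ d: options.headers['X-Amz-Date']
+ };
+ if (sessionToken) {
+ payload.t = sessionToken;
+ }
+ const saslContinue = {
+ saslContinue: 1,
+ conversationId: 1,
+ payload: BSON.serialize(payload, bsonOptions)
+ };
+ await connection.commandAsync((0, utils_1.ns)(`${db}.$cmd`), saslContinue, undefined);
  }
  }
  exports.MongoDBAWS = MongoDBAWS;
- function makeTempCredentials(credentials, callback) {
- function done(creds) {
+ async function makeTempCredentials(credentials) {
+ function makeMongoCredentialsFromAWSTemp(creds) {
  if (!creds.AccessKeyId || !creds.SecretAccessKey || !creds.Token) {
- callback(new error_1.MongoMissingCredentialsError('Could not obtain temporary MONGODB-AWS credentials'));
- return;
+ throw new error_1.MongoMissingCredentialsError('Could not obtain temporary MONGODB-AWS credentials');
  }
- callback(undefined, new mongo_credentials_1.MongoCredentials({
+ return new mongo_credentials_1.MongoCredentials({
  username: creds.AccessKeyId,
  password: creds.SecretAccessKey,
  source: credentials.source,
@@ -136,7 +122,7 @@ function makeTempCredentials(credentials, callback) {
  mechanismProperties: {
  AWS_SESSION_TOKEN: creds.Token
  }
- }));
+ });
  }
  const credentialProvider = (0, deps_1.getAwsCredentialProvider)();
  // Check if the AWS credential provider from the SDK is present. If not,
@@ -145,30 +131,25 @@ function makeTempCredentials(credentials, callback) {
  // If the environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
  // is set then drivers MUST assume that it was set by an AWS ECS agent
  if (process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI) {
- request(`${AWS_RELATIVE_URI}${process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI}`, undefined, (err, res) => {
- if (err)
- return callback(err);
- done(res);
- });
- return;
+ return makeMongoCredentialsFromAWSTemp(await request(`${AWS_RELATIVE_URI}${process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI}`));
  }
  // Otherwise assume we are on an EC2 instance
  // get a token
- request(`${AWS_EC2_URI}/latest/api/token`, { method: 'PUT', json: false, headers: { 'X-aws-ec2-metadata-token-ttl-seconds': 30 } }, (err, token) => {
- if (err)
- return callback(err);
- // get role name
- request(`${AWS_EC2_URI}/${AWS_EC2_PATH}`, { json: false, headers: { 'X-aws-ec2-metadata-token': token } }, (err, roleName) => {
- if (err)
- return callback(err);
- // get temp credentials
- request(`${AWS_EC2_URI}/${AWS_EC2_PATH}/${roleName}`, { headers: { 'X-aws-ec2-metadata-token': token } }, (err, creds) => {
- if (err)
- return callback(err);
- done(creds);
- });
- });
+ const token = await request(`${AWS_EC2_URI}/latest/api/token`, {
+ method: 'PUT',
+ json: false,
+ headers: { 'X-aws-ec2-metadata-token-ttl-seconds': 30 }
+ });
+ // get role name
+ const roleName = await request(`${AWS_EC2_URI}/${AWS_EC2_PATH}`, {
+ json: false,
+ headers: { 'X-aws-ec2-metadata-token': token }
+ });
+ // get temp credentials
+ const creds = await request(`${AWS_EC2_URI}/${AWS_EC2_PATH}/${roleName}`, {
+ headers: { 'X-aws-ec2-metadata-token': token }
  });
+ return makeMongoCredentialsFromAWSTemp(creds);
  }
  else {
  /*
@@ -183,18 +164,18 @@ function makeTempCredentials(credentials, callback) {
  */
  const { fromNodeProviderChain } = credentialProvider;
  const provider = fromNodeProviderChain();
- provider()
- .then((creds) => {
- done({
+ try {
+ const creds = await provider();
+ return makeMongoCredentialsFromAWSTemp({
  AccessKeyId: creds.accessKeyId,
  SecretAccessKey: creds.secretAccessKey,
  Token: creds.sessionToken,
  Expiration: creds.expiration
  });
- })
- .catch((error) => {
- callback(new error_1.MongoAWSError(error.message));
- });
+ }
+ catch (error) {
+ throw new error_1.MongoAWSError(error.message);
+ }
  }
  }
  function deriveRegion(host) {
@@ -204,35 +185,39 @@ function deriveRegion(host) {
  }
  return parts[1];
  }
- function request(uri, _options, callback) {
- const options = Object.assign({
- method: 'GET',
- timeout: 10000,
- json: true
- }, url.parse(uri), _options);
- const req = http.request(options, res => {
- res.setEncoding('utf8');
- let data = '';
- res.on('data', d => (data += d));
- res.on('end', () => {
- if (options.json === false) {
- callback(undefined, data);
- return;
- }
- try {
- const parsed = JSON.parse(data);
- callback(undefined, parsed);
- }
- catch (err) {
- // TODO(NODE-3483)
- callback(new error_1.MongoRuntimeError(`Invalid JSON response: "${data}"`));
- }
+ async function request(uri, options = {}) {
+ return new Promise((resolve, reject) => {
+ const requestOptions = {
+ method: 'GET',
+ timeout: 10000,
+ json: true,
+ ...url.parse(uri),
+ ...options
+ };
+ const req = http.request(requestOptions, res => {
+ res.setEncoding('utf8');
+ let data = '';
+ res.on('data', d => {
+ data += d;
+ });
+ res.once('end', () => {
+ if (options.json === false) {
+ resolve(data);
+ return;
+ }
+ try {
+ const parsed = JSON.parse(data);
+ resolve(parsed);
+ }
+ catch {
+ // TODO(NODE-3483)
+ reject(new error_1.MongoRuntimeError(`Invalid JSON response: "${data}"`));
+ }
+ });
  });
+ req.once('timeout', () => req.destroy(new error_1.MongoAWSError(`AWS request to ${uri} timed out after ${options.timeout} ms`)));
+ req.once('error', error => reject(error));
+ req.end();
  });
- req.on('timeout', () => {
- req.destroy(new error_1.MongoAWSError(`AWS request to ${uri} timed out after ${options.timeout} ms`));
- });
- req.on('error', err => callback(err));
- req.end();
  }
  //# sourceMappingURL=mongodb_aws.js.map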
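Review bot: In the rewritten `request()`, the timeout handler still interpolates `options.timeout`, but `options` is now only the caller's argument (default `{}`) while the 10000 ms default lives in `requestOptions`; no caller in this file passes a timeout, so the error will read "timed out after undefined ms" and should use `${requestOptions.timeout}` instead. The same function still copies the whole response body into `Invalid JSON response: "${data}"`; on the credential endpoints a truncated or malformed reply could carry key material into error logs, so reporting only `data.length` would be safer. `res.statusCode` is never inspected, so a non-2xx body from the token or role-name request is passed on as if it were the value; a guard such as `if (res.statusCode < 200 || res.statusCode >= 300)` that rejects with a `MongoAWSError` would close that gap. In `makeTempCredentials`, the new `try` around `provider()` also catches the `MongoMissingCredentialsError` thrown by `makeMongoCredentialsFromAWSTemp` and rethrows it as a `MongoAWSError` built from the message alone, which changes the error type callers see and drops the original stack.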
@@ -1 +1 @@
1
- {"version":3,"file":"mongodb_aws.js","sourceRoot":"","sources":["../../../src/cmap/auth/mongodb_aws.ts"],"names":[],"mappings":";;;AAAA,iCAAiC;AACjC,6BAA6B;AAC7B,2BAA2B;AAG3B,mCAAmC;AACnC,qCAA4D;AAC5D,uCAKqB;AACrB,uCAAsE;AACtE,mDAA4D;AAC5D,2DAAuD;AACvD,2CAA4C;AAE5C,MAAM,OAAO,GAAG,GAAG,CAAC;AACpB,MAAM,gBAAgB,GAAG,sBAAsB,CAAC;AAChD,MAAM,WAAW,GAAG,wBAAwB,CAAC;AAC7C,MAAM,YAAY,GAAG,4CAA4C,CAAC;AAClE,MAAM,WAAW,GAAyB;IACxC,WAAW,EAAE,KAAK;IAClB,YAAY,EAAE,IAAI;IAClB,aAAa,EAAE,IAAI;IACnB,cAAc,EAAE,KAAK;IACrB,UAAU,EAAE,KAAK;CAClB,CAAC;AAQF,MAAa,UAAW,SAAQ,4BAAY;IACjC,IAAI,CAAC,WAAwB,EAAE,QAAkB;QACxD,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC;QAChD,IAAI,CAAC,WAAW,EAAE;YAChB,OAAO,QAAQ,CAAC,IAAI,oCAA4B,CAAC,uCAAuC,CAAC,CAAC,CAAC;SAC5F;QAED,IAAI,cAAc,IAAI,WAAI,EAAE;YAC1B,OAAO,QAAQ,CAAC,WAAI,CAAC,cAAc,CAAC,CAAC,CAAC;SACvC;QACD,MAAM,EAAE,IAAI,EAAE,GAAG,WAAI,CAAC;QAEtB,IAAI,IAAA,sBAAc,EAAC,UAAU,CAAC,GAAG,CAAC,EAAE;YAClC,QAAQ,CACN,IAAI,+BAAuB,CACzB,kEAAkE,CACnE,CACF,CAAC;YACF,OAAO;SACR;QAED,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE;YACzB,mBAAmB,CAAC,WAAW,EAAE,CAAC,GAAG,EAAE,eAAe,EAAE,EAAE;gBACxD,IAAI,GAAG,IAAI,CAAC,eAAe;oBAAE,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAElD,WAAW,CAAC,WAAW,GAAG,eAAe,CAAC;gBAC1C,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;YACnC,CAAC,CAAC,CAAC;YAEH,OAAO;SACR;QAED,MAAM,WAAW,GAAG,WAAW,CAAC,QAAQ,CAAC;QACzC,MAAM,eAAe,GAAG,WAAW,CAAC,QAAQ,CAAC;QAC7C,MAAM,YAAY,GAAG,WAAW,CAAC,mBAAmB,CAAC,iBAAiB,CAAC;QAEvE,kGAAkG;QAClG,MAAM,cAAc,GAClB,WAAW,IAAI,eAAe,IAAI,YAAY;YAC5C,CAAC,CAAC,EAAE,WAAW,EAAE,eAAe,EAAE,YAAY,EAAE;YAChD,CAAC,CAAC,WAAW,IAAI,eAAe;gBAChC,CAAC,CAAC,EAAE,WAAW,EAAE,eAAe,EAAE;gBAClC,CAAC,CAAC,SAAS,CAAC;QAEhB,MAAM,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC;QAC9B,MAAM,CAAC,WAAW,CAAC,EAAE,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;YACpC,IAAI,GAAG,EAAE;gBACP,QAAQ,CAAC,GAAG,CAAC,CAAC;gBACd,OAAO;aACR;YAED,MAAM,SAAS,GAAG;gBAChB,SAAS,EAAE,CAAC;gBACZ,SAAS,EAAE,aAAa;gBACxB,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,WAAW,CAAC;aAC/D,CAAC;YAEF,UAAU,CAAC,OAAO,CAAC,IAAA,UAAE,E
AAC,GAAG,EAAE,OAAO,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBACtE,IAAI,GAAG;oBAAE,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAE9B,MAAM,cAAc,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,WAAW,CAGtE,CAAC;gBACF,MAAM,IAAI,GAAG,cAAc,CAAC,CAAC,CAAC;gBAC9B,MAAM,WAAW,GAAG,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC;gBAC5C,IAAI,WAAW,CAAC,MAAM,KAAK,EAAE,EAAE;oBAC7B,QAAQ;oBACN,kBAAkB;oBAClB,IAAI,yBAAiB,CAAC,+BAA+B,WAAW,CAAC,MAAM,eAAe,CAAC,CACxF,CAAC;oBAEF,OAAO;iBACR;gBAED,IAAI,CAAC,iBAAS,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,EAAE,KAAK,CAAC,UAAU,CAAC,EAAE,KAAK,CAAC,EAAE;oBACvE,0FAA0F;oBAC1F,oHAAoH;oBAEpH,kBAAkB;oBAClB,QAAQ,CAAC,IAAI,yBAAiB,CAAC,+CAA+C,CAAC,CAAC,CAAC;oBACjF,OAAO;iBACR;gBAED,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE;oBACrE,kBAAkB;oBAClB,QAAQ,CAAC,IAAI,yBAAiB,CAAC,qCAAqC,IAAI,GAAG,CAAC,CAAC,CAAC;oBAC9E,OAAO;iBACR;gBAED,MAAM,IAAI,GAAG,6CAA6C,CAAC;gBAC3D,MAAM,OAAO,GAAG,IAAI,CAClB;oBACE,MAAM,EAAE,MAAM;oBACd,IAAI;oBACJ,MAAM,EAAE,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC;oBACtC,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE;wBACP,cAAc,EAAE,mCAAmC;wBACnD,gBAAgB,EAAE,IAAI,CAAC,MAAM;wBAC7B,wBAAwB,EAAE,iBAAS,CAAC,QAAQ,CAAC,WAAW,CAAC;wBACzD,uBAAuB,EAAE,GAAG;qBAC7B;oBACD,IAAI,EAAE,GAAG;oBACT,IAAI;iBACL,EACD,cAAc,CACf,CAAC;gBAEF,MAAM,OAAO,GAA2B;oBACtC,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,aAAa;oBAChC,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC;iBACjC,CAAC;gBACF,IAAI,YAAY,EAAE;oBAChB,OAAO,CAAC,CAAC,GAAG,YAAY,CAAC;iBAC1B;gBAED,MAAM,YAAY,GAAG;oBACnB,YAAY,EAAE,CAAC;oBACf,cAAc,EAAE,CAAC;oBACjB,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,WAAW,CAAC;iBAC9C,CAAC;gBAEF,UAAU,CAAC,OAAO,CAAC,IAAA,UAAE,EAAC,GAAG,EAAE,OAAO,CAAC,EAAE,YAAY,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC1E,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AA/HD,gCA+HC;AAkBD,SAAS,mBAAmB,CAAC,WAA6B,EAAE,QAAoC;IAC9F,SAAS,IAAI,CAAC,KAAyB;QACrC,IAAI,CAAC,KAAK,CAAC,WAAW,IAAI,CAAC,KAAK,CAAC,eAAe,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE;YAChE,QAAQ,CACN,IAAI,oCAA4B,CAAC,oDAAoD,CAAC,CACvF,CAAC;YACF,OAAO;SACR;Q
AED,QAAQ,CACN,SAAS,EACT,IAAI,oCAAgB,CAAC;YACnB,QAAQ,EAAE,KAAK,CAAC,WAAW;YAC3B,QAAQ,EAAE,KAAK,CAAC,eAAe;YAC/B,MAAM,EAAE,WAAW,CAAC,MAAM;YAC1B,SAAS,EAAE,yBAAa,CAAC,WAAW;YACpC,mBAAmB,EAAE;gBACnB,iBAAiB,EAAE,KAAK,CAAC,KAAK;aAC/B;SACF,CAAC,CACH,CAAC;IACJ,CAAC;IAED,MAAM,kBAAkB,GAAG,IAAA,+BAAwB,GAAE,CAAC;IAEtD,wEAAwE;IACxE,sBAAsB;IACtB,IAAI,cAAc,IAAI,kBAAkB,EAAE;QACxC,qEAAqE;QACrE,sEAAsE;QACtE,IAAI,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE;YACtD,OAAO,CACL,GAAG,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE,EAC1E,SAAS,EACT,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBACX,IAAI,GAAG;oBAAE,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAC9B,IAAI,CAAC,GAAG,CAAC,CAAC;YACZ,CAAC,CACF,CAAC;YAEF,OAAO;SACR;QAED,6CAA6C;QAE7C,cAAc;QACd,OAAO,CACL,GAAG,WAAW,mBAAmB,EACjC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,sCAAsC,EAAE,EAAE,EAAE,EAAE,EACvF,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;YACb,IAAI,GAAG;gBAAE,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;YAE9B,gBAAgB;YAChB,OAAO,CACL,GAAG,WAAW,IAAI,YAAY,EAAE,EAChC,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,0BAA0B,EAAE,KAAK,EAAE,EAAE,EAC/D,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE;gBAChB,IAAI,GAAG;oBAAE,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAE9B,uBAAuB;gBACvB,OAAO,CACL,GAAG,WAAW,IAAI,YAAY,IAAI,QAAQ,EAAE,EAC5C,EAAE,OAAO,EAAE,EAAE,0BAA0B,EAAE,KAAK,EAAE,EAAE,EAClD,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;oBACb,IAAI,GAAG;wBAAE,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;oBAC9B,IAAI,CAAC,KAAK,CAAC,CAAC;gBACd,CAAC,CACF,CAAC;YACJ,CAAC,CACF,CAAC;QACJ,CAAC,CACF,CAAC;KACH;SAAM;QACL;;;;;;;;;WASG;QACH,MAAM,EAAE,qBAAqB,EAAE,GAAG,kBAAkB,CAAC;QACrD,MAAM,QAAQ,GAAG,qBAAqB,EAAE,CAAC;QACzC,QAAQ,EAAE;aACP,IAAI,CAAC,CAAC,KAAqB,EAAE,EAAE;YAC9B,IAAI,CAAC;gBACH,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,eAAe,EAAE,KAAK,CAAC,eAAe;gBACtC,KAAK,EAAE,KAAK,CAAC,YAAY;gBACzB,UAAU,EAAE,KAAK,CAAC,UAAU;aAC7B,CAAC,CAAC;QACL,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,KAAY,EAAE,EAAE;YACtB,QAAQ,CAAC,IAAI,qBAAa,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;KACN;AACH,CAAC;AAED,SAAS,YAAY,CAAC,IAAY;IAChC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KA
AK,CAAC,CAAC,CAAC,KAAK,WAAW,EAAE;QAClD,OAAO,WAAW,CAAC;KACpB;IAED,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AASD,SAAS,OAAO,CAAC,GAAW,EAAE,QAAoC,EAAE,QAAkB;IACpF,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAC3B;QACE,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,KAAK;QACd,IAAI,EAAE,IAAI;KACX,EACD,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,EACd,QAAQ,CACT,CAAC;IAEF,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE;QACtC,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAExB,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC;QACjC,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACjB,IAAI,OAAO,CAAC,IAAI,KAAK,KAAK,EAAE;gBAC1B,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;gBAC1B,OAAO;aACR;YAED,IAAI;gBACF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAChC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;aAC7B;YAAC,OAAO,GAAG,EAAE;gBACZ,kBAAkB;gBAClB,QAAQ,CAAC,IAAI,yBAAiB,CAAC,2BAA2B,IAAI,GAAG,CAAC,CAAC,CAAC;aACrE;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;QACrB,GAAG,CAAC,OAAO,CAAC,IAAI,qBAAa,CAAC,kBAAkB,GAAG,oBAAoB,OAAO,CAAC,OAAO,KAAK,CAAC,CAAC,CAAC;IAChG,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;IACtC,GAAG,CAAC,GAAG,EAAE,CAAC;AACZ,CAAC"}
1
+ {"version":3,"file":"mongodb_aws.js","sourceRoot":"","sources":["../../../src/cmap/auth/mongodb_aws.ts"],"names":[],"mappings":";;;AAAA,iCAAiC;AACjC,6BAA6B;AAC7B,2BAA2B;AAC3B,+BAAiC;AAGjC,mCAAmC;AACnC,qCAA4D;AAC5D,uCAKqB;AACrB,uCAA4D;AAC5D,mDAA4D;AAC5D,2DAAuD;AACvD,2CAA4C;AAE5C,MAAM,OAAO,GAAG,GAAG,CAAC;AACpB,MAAM,gBAAgB,GAAG,sBAAsB,CAAC;AAChD,MAAM,WAAW,GAAG,wBAAwB,CAAC;AAC7C,MAAM,YAAY,GAAG,4CAA4C,CAAC;AAClE,MAAM,WAAW,GAAyB;IACxC,WAAW,EAAE,KAAK;IAClB,YAAY,EAAE,IAAI;IAClB,aAAa,EAAE,IAAI;IACnB,cAAc,EAAE,KAAK;IACrB,UAAU,EAAE,KAAK;CAClB,CAAC;AAQF,MAAa,UAAW,SAAQ,4BAAY;IAG1C;QACE,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,gBAAgB,GAAG,IAAA,gBAAS,EAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACxD,CAAC;IAEQ,KAAK,CAAC,IAAI,CAAC,WAAwB;QAC1C,MAAM,EAAE,UAAU,EAAE,GAAG,WAAW,CAAC;QACnC,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE;YAC5B,MAAM,IAAI,oCAA4B,CAAC,uCAAuC,CAAC,CAAC;SACjF;QAED,IAAI,cAAc,IAAI,WAAI,EAAE;YAC1B,MAAM,WAAI,CAAC,cAAc,CAAC,CAAC;SAC5B;QACD,MAAM,EAAE,IAAI,EAAE,GAAG,WAAI,CAAC;QAEtB,IAAI,IAAA,sBAAc,EAAC,UAAU,CAAC,GAAG,CAAC,EAAE;YAClC,MAAM,IAAI,+BAAuB,CAC/B,kEAAkE,CACnE,CAAC;SACH;QAED,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,QAAQ,EAAE;YACrC,WAAW,CAAC,WAAW,GAAG,MAAM,mBAAmB,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;SAC9E;QAED,MAAM,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC;QAEpC,MAAM,WAAW,GAAG,WAAW,CAAC,QAAQ,CAAC;QACzC,MAAM,eAAe,GAAG,WAAW,CAAC,QAAQ,CAAC;QAC7C,MAAM,YAAY,GAAG,WAAW,CAAC,mBAAmB,CAAC,iBAAiB,CAAC;QAEvE,kGAAkG;QAClG,MAAM,cAAc,GAClB,WAAW,IAAI,eAAe,IAAI,YAAY;YAC5C,CAAC,CAAC,EAAE,WAAW,EAAE,eAAe,EAAE,YAAY,EAAE;YAChD,CAAC,CAAC,WAAW,IAAI,eAAe;gBAChC,CAAC,CAAC,EAAE,WAAW,EAAE,eAAe,EAAE;gBAClC,CAAC,CAAC,SAAS,CAAC;QAEhB,MAAM,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC;QAC9B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;QAE9C,MAAM,SAAS,GAAG;YAChB,SAAS,EAAE,CAAC;YACZ,SAAS,EAAE,aAAa;YACxB,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,WAAW,CAAC;SAC/D,CAAC;QAEF,MAAM,iBAAiB,GAAG,MAAM,UAAU,CAAC,YAAY,CAAC,IAAA,UAAE,EAAC,GAAG,EAAE,OAAO,CAAC,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QAEhG,MAAM,cAAc,GAAG,IAAI,CAAC,WAAW,CAAC,iBAAiB,CAAC,OAAO
,CAAC,MAAM,EAAE,WAAW,CAGpF,CAAC;QACF,MAAM,IAAI,GAAG,cAAc,CAAC,CAAC,CAAC;QAC9B,MAAM,WAAW,GAAG,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC;QAC5C,IAAI,WAAW,CAAC,MAAM,KAAK,EAAE,EAAE;YAC7B,kBAAkB;YAClB,MAAM,IAAI,yBAAiB,CAAC,+BAA+B,WAAW,CAAC,MAAM,eAAe,CAAC,CAAC;SAC/F;QAED,IAAI,CAAC,iBAAS,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,EAAE,KAAK,CAAC,UAAU,CAAC,EAAE,KAAK,CAAC,EAAE;YACvE,0FAA0F;YAC1F,oHAAoH;YAEpH,kBAAkB;YAClB,MAAM,IAAI,yBAAiB,CAAC,+CAA+C,CAAC,CAAC;SAC9E;QAED,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE;YACrE,kBAAkB;YAClB,MAAM,IAAI,yBAAiB,CAAC,qCAAqC,IAAI,GAAG,CAAC,CAAC;SAC3E;QAED,MAAM,IAAI,GAAG,6CAA6C,CAAC;QAC3D,MAAM,OAAO,GAAG,IAAI,CAClB;YACE,MAAM,EAAE,MAAM;YACd,IAAI;YACJ,MAAM,EAAE,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC;YACtC,OAAO,EAAE,KAAK;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;gBACnD,gBAAgB,EAAE,IAAI,CAAC,MAAM;gBAC7B,wBAAwB,EAAE,iBAAS,CAAC,QAAQ,CAAC,WAAW,CAAC;gBACzD,uBAAuB,EAAE,GAAG;aAC7B;YACD,IAAI,EAAE,GAAG;YACT,IAAI;SACL,EACD,cAAc,CACf,CAAC;QAEF,MAAM,OAAO,GAA2B;YACtC,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,aAAa;YAChC,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC;SACjC,CAAC;QAEF,IAAI,YAAY,EAAE;YAChB,OAAO,CAAC,CAAC,GAAG,YAAY,CAAC;SAC1B;QAED,MAAM,YAAY,GAAG;YACnB,YAAY,EAAE,CAAC;YACf,cAAc,EAAE,CAAC;YACjB,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,WAAW,CAAC;SAC9C,CAAC;QAEF,MAAM,UAAU,CAAC,YAAY,CAAC,IAAA,UAAE,EAAC,GAAG,EAAE,OAAO,CAAC,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;IAC3E,CAAC;CACF;AAlHD,gCAkHC;AAkBD,KAAK,UAAU,mBAAmB,CAAC,WAA6B;IAC9D,SAAS,+BAA+B,CAAC,KAAyB;QAChE,IAAI,CAAC,KAAK,CAAC,WAAW,IAAI,CAAC,KAAK,CAAC,eAAe,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE;YAChE,MAAM,IAAI,oCAA4B,CAAC,oDAAoD,CAAC,CAAC;SAC9F;QAED,OAAO,IAAI,oCAAgB,CAAC;YAC1B,QAAQ,EAAE,KAAK,CAAC,WAAW;YAC3B,QAAQ,EAAE,KAAK,CAAC,eAAe;YAC/B,MAAM,EAAE,WAAW,CAAC,MAAM;YAC1B,SAAS,EAAE,yBAAa,CAAC,WAAW;YACpC,mBAAmB,EAAE;gBACnB,iBAAiB,EAAE,KAAK,CAAC,KAAK;aAC/B;SACF,CAAC,CAAC;IACL,CAAC;IAED,MAAM,kBAAkB,GAAG,IAAA,+BAAwB,GAAE,CAAC;IAEtD,wEAAwE;IACxE,sBAAsB;IACtB,IAAI,cAAc,IAAI,kBAAkB,EAAE;QACxC,qEAAqE;QACrE,sEAAs
E;QACtE,IAAI,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE;YACtD,OAAO,+BAA+B,CACpC,MAAM,OAAO,CAAC,GAAG,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE,CAAC,CAC1F,CAAC;SACH;QAED,6CAA6C;QAE7C,cAAc;QACd,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,WAAW,mBAAmB,EAAE;YAC7D,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,KAAK;YACX,OAAO,EAAE,EAAE,sCAAsC,EAAE,EAAE,EAAE;SACxD,CAAC,CAAC;QAEH,gBAAgB;QAChB,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,WAAW,IAAI,YAAY,EAAE,EAAE;YAC/D,IAAI,EAAE,KAAK;YACX,OAAO,EAAE,EAAE,0BAA0B,EAAE,KAAK,EAAE;SAC/C,CAAC,CAAC;QAEH,uBAAuB;QACvB,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,WAAW,IAAI,YAAY,IAAI,QAAQ,EAAE,EAAE;YACxE,OAAO,EAAE,EAAE,0BAA0B,EAAE,KAAK,EAAE;SAC/C,CAAC,CAAC;QAEH,OAAO,+BAA+B,CAAC,KAAK,CAAC,CAAC;KAC/C;SAAM;QACL;;;;;;;;;WASG;QACH,MAAM,EAAE,qBAAqB,EAAE,GAAG,kBAAkB,CAAC;QACrD,MAAM,QAAQ,GAAG,qBAAqB,EAAE,CAAC;QACzC,IAAI;YACF,MAAM,KAAK,GAAG,MAAM,QAAQ,EAAE,CAAC;YAC/B,OAAO,+BAA+B,CAAC;gBACrC,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,eAAe,EAAE,KAAK,CAAC,eAAe;gBACtC,KAAK,EAAE,KAAK,CAAC,YAAY;gBACzB,UAAU,EAAE,KAAK,CAAC,UAAU;aAC7B,CAAC,CAAC;SACJ;QAAC,OAAO,KAAK,EAAE;YACd,MAAM,IAAI,qBAAa,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;SACxC;KACF;AACH,CAAC;AAED,SAAS,YAAY,CAAC,IAAY;IAChC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,WAAW,EAAE;QAClD,OAAO,WAAW,CAAC;KACpB;IAED,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAeD,KAAK,UAAU,OAAO,CACpB,GAAW,EACX,UAA0B,EAAE;IAE5B,OAAO,IAAI,OAAO,CAA+B,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACnE,MAAM,cAAc,GAAG;YACrB,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,IAAI;YACV,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC;YACjB,GAAG,OAAO;SACX,CAAC;QAEF,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,GAAG,CAAC,EAAE;YAC7C,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAExB,IAAI,IAAI,GAAG,EAAE,CAAC;YACd,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE;gBACjB,IAAI,IAAI,CAAC,CAAC;YACZ,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE;gBACnB,IAAI,OAAO,CAAC,IAAI,KAAK,KAAK,EAAE;oBAC1B,OAAO,CAAC,IAAI,CAAC,CAAC;oBACd,OAAO;iBACR;gBAED,IAAI;oBACF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,C
AAC,IAAI,CAAC,CAAC;oBAChC,OAAO,CAAC,MAAM,CAAC,CAAC;iBACjB;gBAAC,MAAM;oBACN,kBAAkB;oBAClB,MAAM,CAAC,IAAI,yBAAiB,CAAC,2BAA2B,IAAI,GAAG,CAAC,CAAC,CAAC;iBACnE;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,CACvB,GAAG,CAAC,OAAO,CAAC,IAAI,qBAAa,CAAC,kBAAkB,GAAG,oBAAoB,OAAO,CAAC,OAAO,KAAK,CAAC,CAAC,CAC9F,CAAC;QACF,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAC1C,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,28 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.AwsServiceWorkflow = void 0;
4
+ const promises_1 = require("fs/promises");
5
+ const error_1 = require("../../../error");
6
+ const service_workflow_1 = require("./service_workflow");
7
+ /**
8
+ * Device workflow implementation for AWS.
9
+ *
10
+ * @internal
11
+ */
12
+ class AwsServiceWorkflow extends service_workflow_1.ServiceWorkflow {
13
+ constructor() {
14
+ super();
15
+ }
16
+ /**
17
+ * Get the token from the environment.
18
+ */
19
+ async getToken() {
20
+ const tokenFile = process.env.AWS_WEB_IDENTITY_TOKEN_FILE;
21
+ if (!tokenFile) {
22
+ throw new error_1.MongoAWSError('AWS_WEB_IDENTITY_TOKEN_FILE must be set in the environment.');
23
+ }
24
+ return (0, promises_1.readFile)(tokenFile, 'utf8');
25
+ }
26
+ }
27
+ exports.AwsServiceWorkflow = AwsServiceWorkflow;
28
+ //# sourceMappingURL=aws_service_workflow.js.map
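Review bot: `getToken()` returns the file contents unchecked, so an empty token file, or one with a trailing newline, produces a string that `ServiceWorkflow.execute` then serializes as the `jwt` without further checks. I would normalise and validate before returning: `const token = (await (0, promises_1.readFile)(tokenFile, 'utf8')).trim();`, then `if (!token) throw new error_1.MongoAWSError('AWS_WEB_IDENTITY_TOKEN_FILE is empty.');` and `return token;`. A failed read also surfaces as a raw fs error rather than a `MongoAWSError`, unlike the unset-variable case two lines above. Wrapping it would keep the error type consistent. This file is compiled output, so the change presumably belongs in the TypeScript source named in the source map.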
@@ -0,0 +1 @@
1
+ {"version":3,"file":"aws_service_workflow.js","sourceRoot":"","sources":["../../../../src/cmap/auth/mongodb_oidc/aws_service_workflow.ts"],"names":[],"mappings":";;;AAAA,0CAAuC;AAEvC,0CAA+C;AAC/C,yDAAqD;AAErD;;;;GAIG;AACH,MAAa,kBAAmB,SAAQ,kCAAe;IACrD;QACE,KAAK,EAAE,CAAC;IACV,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ;QACZ,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC;QAC1D,IAAI,CAAC,SAAS,EAAE;YACd,MAAM,IAAI,qBAAa,CAAC,6DAA6D,CAAC,CAAC;SACxF;QACD,OAAO,IAAA,mBAAQ,EAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACrC,CAAC;CACF;AAfD,gDAeC"}
@@ -0,0 +1,178 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.CallbackWorkflow = void 0;
4
+ const bson_1 = require("bson");
5
+ const error_1 = require("../../../error");
6
+ const utils_1 = require("../../../utils");
7
+ const providers_1 = require("../providers");
8
+ const token_entry_cache_1 = require("./token_entry_cache");
9
+ /* 5 minutes in milliseconds */
10
+ const TIMEOUT_MS = 300000;
11
+ /**
12
+ * OIDC implementation of a callback based workflow.
13
+ * @internal
14
+ */
15
+ class CallbackWorkflow {
16
+ /**
17
+ * Instantiate the workflow
18
+ */
19
+ constructor() {
20
+ this.cache = new token_entry_cache_1.TokenEntryCache();
21
+ }
22
+ /**
23
+ * Get the document to add for speculative authentication. Is empty when
24
+ * callbacks are in play.
25
+ */
26
+ speculativeAuth() {
27
+ return Promise.resolve({});
28
+ }
29
+ /**
30
+ * Execute the workflow.
31
+ *
32
+ * Steps:
33
+ * - If an entry is in the cache
34
+ * - If it is not expired
35
+ * - Skip step one and use the entry to execute step two.
36
+ * - If it is expired
37
+ * - If the refresh callback exists
38
+ * - remove expired entry from cache
39
+ * - call the refresh callback.
40
+ * - put the new entry in the cache.
41
+ * - execute step two.
42
+ * - If the refresh callback does not exist.
43
+ * - remove expired entry from cache
44
+ * - call the request callback.
45
+ * - put the new entry in the cache.
46
+ * - execute step two.
47
+ * - If no entry is in the cache.
48
+ * - execute step one.
49
+ * - call the refresh callback.
50
+ * - put the new entry in the cache.
51
+ * - execute step two.
52
+ */
53
+ async execute(connection, credentials, reauthenticate = false) {
54
+ const request = credentials.mechanismProperties.REQUEST_TOKEN_CALLBACK;
55
+ const refresh = credentials.mechanismProperties.REFRESH_TOKEN_CALLBACK;
56
+ const entry = this.cache.getEntry(connection.address, credentials.username, request || null, refresh || null);
57
+ if (entry) {
58
+ // Check if the entry is not expired and if we are reauthenticating.
59
+ if (!reauthenticate && entry.isValid()) {
60
+ // Skip step one and execute the step two saslContinue.
61
+ try {
62
+ const result = await finishAuth(entry.tokenResult, undefined, connection, credentials);
63
+ return result;
64
+ }
65
+ catch (error) {
66
+ // If authentication errors when using a cached token we remove it from
67
+ // the cache.
68
+ this.cache.deleteEntry(connection.address, credentials.username || '', request || null, refresh || null);
69
+ throw error;
70
+ }
71
+ }
72
+ else {
73
+ // Remove the expired entry from the cache.
74
+ this.cache.deleteEntry(connection.address, credentials.username || '', request || null, refresh || null);
75
+ // Execute a refresh of the token and finish auth.
76
+ return this.refreshAndFinish(connection, credentials, entry.serverResult, entry.tokenResult);
77
+ }
78
+ }
79
+ else {
80
+ // No entry means to start with the step one saslStart.
81
+ const result = await connection.commandAsync((0, utils_1.ns)(credentials.source), startCommandDocument(credentials), undefined);
82
+ const stepOne = bson_1.BSON.deserialize(result.payload.buffer);
83
+ // Call the request callback and finish auth.
84
+ return this.requestAndFinish(connection, credentials, stepOne, result.conversationId);
85
+ }
86
+ }
87
+ /**
88
+ * Execute the refresh callback if it exists, otherwise the request callback, then
89
+ * finish the authentication.
90
+ */
91
+ async refreshAndFinish(connection, credentials, stepOneResult, tokenResult, conversationId) {
92
+ const request = credentials.mechanismProperties.REQUEST_TOKEN_CALLBACK;
93
+ const refresh = credentials.mechanismProperties.REFRESH_TOKEN_CALLBACK;
94
+ // If a refresh callback exists, use it. Otherwise use the request callback.
95
+ if (refresh) {
96
+ const result = await refresh(credentials.username, stepOneResult, tokenResult, TIMEOUT_MS);
97
+ // Validate the result.
98
+ if (!result || !result.accessToken) {
99
+ throw new error_1.MongoMissingCredentialsError('REFRESH_TOKEN_CALLBACK must return a valid object with an accessToken');
100
+ }
101
+ // Cache a new entry and continue with the saslContinue.
102
+ this.cache.addEntry(connection.address, credentials.username || '', request || null, refresh, result, stepOneResult);
103
+ return finishAuth(result, conversationId, connection, credentials);
104
+ }
105
+ else {
106
+ // Fallback to using the request callback.
107
+ return this.requestAndFinish(connection, credentials, stepOneResult, conversationId);
108
+ }
109
+ }
110
+ /**
111
+ * Execute the request callback and finish authentication.
112
+ */
113
+ async requestAndFinish(connection, credentials, stepOneResult, conversationId) {
114
+ // Call the request callback.
115
+ const request = credentials.mechanismProperties.REQUEST_TOKEN_CALLBACK;
116
+ const refresh = credentials.mechanismProperties.REFRESH_TOKEN_CALLBACK;
117
+ // Always clear expired entries from the cache on each finish as cleanup.
118
+ this.cache.deleteExpiredEntries();
119
+ if (!request) {
120
+ // Request callback must be present.
121
+ throw new error_1.MongoInvalidArgumentError('Auth mechanism property REQUEST_TOKEN_CALLBACK is required.');
122
+ }
123
+ const tokenResult = await request(credentials.username, stepOneResult, TIMEOUT_MS);
124
+ // Validate the result.
125
+ if (!tokenResult || !tokenResult.accessToken) {
126
+ throw new error_1.MongoMissingCredentialsError('REQUEST_TOKEN_CALLBACK must return a valid object with an accessToken');
127
+ }
128
+ // Cache a new entry and continue with the saslContinue.
129
+ this.cache.addEntry(connection.address, credentials.username || '', request, refresh || null, tokenResult, stepOneResult);
130
+ return finishAuth(tokenResult, conversationId, connection, credentials);
131
+ }
132
+ }
133
+ exports.CallbackWorkflow = CallbackWorkflow;
134
+ /**
135
+ * Cache the result of the user supplied callback and execute the
136
+ * step two saslContinue.
137
+ */
138
+ async function finishAuth(result, conversationId, connection, credentials) {
139
+ // Execute the step two saslContinue.
140
+ return connection.commandAsync((0, utils_1.ns)(credentials.source), continueCommandDocument(result.accessToken, conversationId), undefined);
141
+ }
142
+ /**
143
+ * Generate the saslStart command document.
144
+ */
145
+ function startCommandDocument(credentials) {
146
+ const payload = {};
147
+ if (credentials.username) {
148
+ payload.n = credentials.username;
149
+ }
150
+ return {
151
+ saslStart: 1,
152
+ autoAuthorize: 1,
153
+ mechanism: providers_1.AuthMechanism.MONGODB_OIDC,
154
+ payload: new bson_1.Binary(bson_1.BSON.serialize(payload))
155
+ };
156
+ }
157
+ /**
158
+ * Generate the saslContinue command document.
159
+ */
160
+ function continueCommandDocument(token, conversationId) {
161
+ if (conversationId) {
162
+ return {
163
+ saslContinue: 1,
164
+ conversationId: conversationId,
165
+ payload: new bson_1.Binary(bson_1.BSON.serialize({ jwt: token }))
166
+ };
167
+ }
168
+ // saslContinue requires a conversationId in the command to be valid so in this
169
+ // case the server allows "step two" to actually be a saslStart with the token
170
+ // as the jwt since the use of the cached value has no correlating conversating
171
+ // on the particular connection.
172
+ return {
173
+ saslStart: 1,
174
+ mechanism: providers_1.AuthMechanism.MONGODB_OIDC,
175
+ payload: new bson_1.Binary(bson_1.BSON.serialize({ jwt: token }))
176
+ };
177
+ }
178
+ //# sourceMappingURL=callback_workflow.js.map
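Review bot: `TIMEOUT_MS` is only handed to the user callbacks as an argument in `requestAndFinish` and `refreshAndFinish`; nothing in this hunk enforces it, so a callback that never settles leaves `execute` (and the connection's authentication) pending indefinitely. Racing the callback against a timer, as sketched below, would bound that wait. Separately, `execute` looks up the cache with `credentials.username` while every `deleteEntry`/`addEntry` call uses `credentials.username || ''`; if the cache key is built from the raw value, the lookup can miss for credentials without a username, so the lookup should use the same normalised value. The doc comment on `execute` also says the no-entry branch calls "the refresh callback", but the code calls `requestAndFinish`; it should read `- call the request callback.`.

```javascript
// … unchanged: requires, TIMEOUT_MS …
function withTimeout(promise, ms, name) {
    let timer;
    const expired = new Promise((_, reject) => {
        timer = setTimeout(() => reject(new error_1.MongoMissingCredentialsError(`${name} did not complete within ${ms}ms`)), ms);
    });
    return Promise.race([promise, expired]).finally(() => clearTimeout(timer));
}
// in refreshAndFinish:
const result = await withTimeout(refresh(credentials.username, stepOneResult, tokenResult, TIMEOUT_MS), TIMEOUT_MS, 'REFRESH_TOKEN_CALLBACK');
// in requestAndFinish:
const tokenResult = await withTimeout(request(credentials.username, stepOneResult, TIMEOUT_MS), TIMEOUT_MS, 'REQUEST_TOKEN_CALLBACK');
// … unchanged: result validation, cache.addEntry, finishAuth …
```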
@@ -0,0 +1 @@
1
+ {"version":3,"file":"callback_workflow.js","sourceRoot":"","sources":["../../../../src/cmap/auth/mongodb_oidc/callback_workflow.ts"],"names":[],"mappings":";;;AAAA,+BAAmD;AAEnD,0CAAyF;AACzF,0CAAoC;AAIpC,4CAA6C;AAC7C,2DAAsD;AAGtD,+BAA+B;AAC/B,MAAM,UAAU,GAAG,MAAM,CAAC;AAE1B;;;GAGG;AACH,MAAa,gBAAgB;IAG3B;;OAEG;IACH;QACE,IAAI,CAAC,KAAK,GAAG,IAAI,mCAAe,EAAE,CAAC;IACrC,CAAC;IAED;;;OAGG;IACH,eAAe;QACb,OAAO,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAC7B,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,KAAK,CAAC,OAAO,CACX,UAAsB,EACtB,WAA6B,EAC7B,cAAc,GAAG,KAAK;QAEtB,MAAM,OAAO,GAAG,WAAW,CAAC,mBAAmB,CAAC,sBAAsB,CAAC;QACvE,MAAM,OAAO,GAAG,WAAW,CAAC,mBAAmB,CAAC,sBAAsB,CAAC;QAEvE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAC/B,UAAU,CAAC,OAAO,EAClB,WAAW,CAAC,QAAQ,EACpB,OAAO,IAAI,IAAI,EACf,OAAO,IAAI,IAAI,CAChB,CAAC;QACF,IAAI,KAAK,EAAE;YACT,oEAAoE;YACpE,IAAI,CAAC,cAAc,IAAI,KAAK,CAAC,OAAO,EAAE,EAAE;gBACtC,uDAAuD;gBACvD,IAAI;oBACF,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,WAAW,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;oBACvF,OAAO,MAAM,CAAC;iBACf;gBAAC,OAAO,KAAK,EAAE;oBACd,uEAAuE;oBACvE,aAAa;oBACb,IAAI,CAAC,KAAK,CAAC,WAAW,CACpB,UAAU,CAAC,OAAO,EAClB,WAAW,CAAC,QAAQ,IAAI,EAAE,EAC1B,OAAO,IAAI,IAAI,EACf,OAAO,IAAI,IAAI,CAChB,CAAC;oBACF,MAAM,KAAK,CAAC;iBACb;aACF;iBAAM;gBACL,2CAA2C;gBAC3C,IAAI,CAAC,KAAK,CAAC,WAAW,CACpB,UAAU,CAAC,OAAO,EAClB,WAAW,CAAC,QAAQ,IAAI,EAAE,EAC1B,OAAO,IAAI,IAAI,EACf,OAAO,IAAI,IAAI,CAChB,CAAC;gBACF,kDAAkD;gBAClD,OAAO,IAAI,CAAC,gBAAgB,CAC1B,UAAU,EACV,WAAW,EACX,KAAK,CAAC,YAAY,EAClB,KAAK,CAAC,WAAW,CAClB,CAAC;aACH;SACF;aAAM;YACL,uDAAuD;YACvD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,YAAY,CAC1C,IAAA,UAAE,EAAC,WAAW,CAAC,MAAM,CAAC,EACtB,oBAAoB,CAAC,WAAW,CAAC,EACjC,SAAS,CACV,CAAC;YACF,MAAM,OAAO,GAAG,WAAI,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAA6B,CAAC;YACpF,6CAA6C;YAC7C,OAAO,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;SACvF;IACH,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,gBAAgB,CAC5B,UAAsB,EACtB,WAA6B,EAC7B,aAAuC,EACvC,WAAmC,EACnC,cAAuB;QAEvB,MAAM,OAAO,GAAG,WAAW,CAAC,mBAAmB,CAAC,sBA
AsB,CAAC;QACvE,MAAM,OAAO,GAAG,WAAW,CAAC,mBAAmB,CAAC,sBAAsB,CAAC;QACvE,4EAA4E;QAC5E,IAAI,OAAO,EAAE;YACX,MAAM,MAAM,GAA2B,MAAM,OAAO,CAClD,WAAW,CAAC,QAAQ,EACpB,aAAa,EACb,WAAW,EACX,UAAU,CACX,CAAC;YACF,uBAAuB;YACvB,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE;gBAClC,MAAM,IAAI,oCAA4B,CACpC,uEAAuE,CACxE,CAAC;aACH;YACD,wDAAwD;YACxD,IAAI,CAAC,KAAK,CAAC,QAAQ,CACjB,UAAU,CAAC,OAAO,EAClB,WAAW,CAAC,QAAQ,IAAI,EAAE,EAC1B,OAAO,IAAI,IAAI,EACf,OAAO,EACP,MAAM,EACN,aAAa,CACd,CAAC;YACF,OAAO,UAAU,CAAC,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;SACpE;aAAM;YACL,0CAA0C;YAC1C,OAAO,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,WAAW,EAAE,aAAa,EAAE,cAAc,CAAC,CAAC;SACtF;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB,CAC5B,UAAsB,EACtB,WAA6B,EAC7B,aAAuC,EACvC,cAAuB;QAEvB,6BAA6B;QAC7B,MAAM,OAAO,GAAG,WAAW,CAAC,mBAAmB,CAAC,sBAAsB,CAAC;QACvE,MAAM,OAAO,GAAG,WAAW,CAAC,mBAAmB,CAAC,sBAAsB,CAAC;QACvE,yEAAyE;QACzE,IAAI,CAAC,KAAK,CAAC,oBAAoB,EAAE,CAAC;QAClC,IAAI,CAAC,OAAO,EAAE;YACZ,oCAAoC;YACpC,MAAM,IAAI,iCAAyB,CACjC,6DAA6D,CAC9D,CAAC;SACH;QACD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,QAAQ,EAAE,aAAa,EAAE,UAAU,CAAC,CAAC;QACnF,uBAAuB;QACvB,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE;YAC5C,MAAM,IAAI,oCAA4B,CACpC,uEAAuE,CACxE,CAAC;SACH;QACD,wDAAwD;QACxD,IAAI,CAAC,KAAK,CAAC,QAAQ,CACjB,UAAU,CAAC,OAAO,EAClB,WAAW,CAAC,QAAQ,IAAI,EAAE,EAC1B,OAAO,EACP,OAAO,IAAI,IAAI,EACf,WAAW,EACX,aAAa,CACd,CAAC;QACF,OAAO,UAAU,CAAC,WAAW,EAAE,cAAc,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;IAC1E,CAAC;CACF;AAxLD,4CAwLC;AAED;;;GAGG;AACH,KAAK,UAAU,UAAU,CACvB,MAA8B,EAC9B,cAAkC,EAClC,UAAsB,EACtB,WAA6B;IAE7B,qCAAqC;IACrC,OAAO,UAAU,CAAC,YAAY,CAC5B,IAAA,UAAE,EAAC,WAAW,CAAC,MAAM,CAAC,EACtB,uBAAuB,CAAC,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,EAC3D,SAAS,CACV,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,WAA6B;IACzD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,WAAW,CAAC,QAAQ,EAAE;QACxB,OAAO,CAAC,CAAC,GAAG,WAAW,CAAC,QAAQ,CAAC;KAClC;IACD,OAAO;QACL,SAAS,EAAE,CAAC;QACZ,aAAa,EAAE,CAAC;QAChB,SAAS,EAAE,yBAAa,CAAC,YAAY;QACrC,OAAO,EAAE,IAAI,aAAM,CAAC,WAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;KAC7C,CAAC;AACJ,CAA
C;AAED;;GAEG;AACH,SAAS,uBAAuB,CAAC,KAAa,EAAE,cAAuB;IACrE,IAAI,cAAc,EAAE;QAClB,OAAO;YACL,YAAY,EAAE,CAAC;YACf,cAAc,EAAE,cAAc;YAC9B,OAAO,EAAE,IAAI,aAAM,CAAC,WAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;SACpD,CAAC;KACH;IACD,+EAA+E;IAC/E,8EAA8E;IAC9E,+EAA+E;IAC/E,gCAAgC;IAChC,OAAO;QACL,SAAS,EAAE,CAAC;QACZ,SAAS,EAAE,yBAAa,CAAC,YAAY;QACrC,OAAO,EAAE,IAAI,aAAM,CAAC,WAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;KACpD,CAAC;AACJ,CAAC"}
@@ -0,0 +1,41 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.commandDocument = exports.ServiceWorkflow = void 0;
4
+ const bson_1 = require("bson");
5
+ const utils_1 = require("../../../utils");
6
+ const providers_1 = require("../providers");
7
+ /**
8
+ * Common behaviour for OIDC device workflows.
9
+ * @internal
10
+ */
11
+ class ServiceWorkflow {
12
+ /**
13
+ * Execute the workflow. Looks for AWS_WEB_IDENTITY_TOKEN_FILE in the environment
14
+ * and then attempts to read the token from that path.
15
+ */
16
+ async execute(connection, credentials) {
17
+ const token = await this.getToken();
18
+ const command = commandDocument(token);
19
+ return connection.commandAsync((0, utils_1.ns)(credentials.source), command, undefined);
20
+ }
21
+ /**
22
+ * Get the document to add for speculative authentication.
23
+ */
24
+ async speculativeAuth() {
25
+ const token = await this.getToken();
26
+ return { speculativeAuthenticate: commandDocument(token) };
27
+ }
28
+ }
29
+ exports.ServiceWorkflow = ServiceWorkflow;
30
+ /**
31
+ * Create the saslStart command document.
32
+ */
33
+ function commandDocument(token) {
34
+ return {
35
+ saslStart: 1,
36
+ mechanism: providers_1.AuthMechanism.MONGODB_OIDC,
37
+ payload: bson_1.BSON.serialize({ jwt: token })
38
+ };
39
+ }
40
+ exports.commandDocument = commandDocument;
41
+ //# sourceMappingURL=service_workflow.js.map
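Review bot: The doc comment on `ServiceWorkflow.execute` describes AWS-specific behaviour (`AWS_WEB_IDENTITY_TOKEN_FILE`), but this base class only calls `this.getToken()`, which it does not define. I would reword it to `Execute the workflow. Obtains the token from the subclass's getToken() and sends it in a saslStart command.` and add a short comment on the class stating that subclasses must implement `getToken()`, since the compiled output has no guard against instantiating the base class directly. `commandDocument` also passes the raw `bson_1.BSON.serialize(...)` result as `payload`, whereas `startCommandDocument` and `continueCommandDocument` in callback_workflow.js wrap it in `new bson_1.Binary(...)`. Using the same form in both places would make the two workflows read consistently.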